A recent Unisys survey on connected medical devices shows that most consumers are concerned about hackers and other unauthorized people gaining access to internet-connected medical devices belonging to them or someone they know.

Their concerns are understandable. More data than ever is being created, collected, stored, and transmitted from clinical medical devices, consumer wearables, and the Internet of Things (IoT), making them high-value targets for hackers and other bad actors. Further, older connected medical devices lack the security features necessary for the digital age, while many manufacturers of new IoT devices simply overlook security.

Now a new piece of legislation has been introduced in Congress to address the IoT medical device security problem. The Internet of Medical Things Resilience Partnership Act, unveiled in October by Reps. Dave Trott, D-Michigan, and Susan Brooks, R-Indiana, would require the Food and Drug Administration (FDA) to create a working group of cybersecurity experts to craft recommended voluntary frameworks and guidelines for securing medical devices.

“There is no such thing as 100 percent security, but we need to identify what you might call the commercially reasonable solutions,” Alan Brill, senior managing director of cybersecurity and investigations practice at investigations and risk mitigation firm Kroll, told Siwicki. “Just as a drug can be accepted as very effective even though some people might have negative reactions, so too Internet of Things medical devices have to get to that level.”

Brill said the working group proposed under the bill ideally would “have a mix of industry, academics and independent experts.”

“I don’t think the effort would be credible with only manufacturer experts,” he said. “Obviously, I’d include the FDA and NIST. The independent experts should be from organizations that are technology-agnostic and do not sell hardware or software, but who bring long experience in information security.”

Marcus Christian, partner, cybersecurity and data privacy practices, at law firm Mayer Brown, agreed that healthcare providers “need to be at the table in deciding how to address challenges.”
